cCode: AP.PRE.REQ 



PTO/SB/33 (07-05) 
Approved for use through xx/xx/200x. 0MB 0651 -OOxx 
U.S. Patent and Trademark Office: U.S. DEPARTMENT OF COMMERCE 



PRE-APPEAL BRIEF REQUEST FOR REVIEW 


Docket Number (Optional) 
2000.056900/TT4089 


1 hereby certify that this correspondence Is being deposited with the 
United States Postal Service via facsimile 

addressed to "Mail Stop AF, Commissioner for 
Patents, P.O. Box 1450. Alexandria. VA 22313-1450" [37 CFR 1.8(a)] 


Application Number 
10/047,188 


Filed 

01/15/2002 


November 1 1 , 2008^ 


First Named Inventor 






Signature y^^^^^^ 


Brian C. 


Barnes 








Art Unit 




Examiner 


Typed or rmnted Jaison C. John 

name 


2135 




Truong, Thanhnga B. 



Applicant requests review of the final rejection in the above-identified application. No amendments are being filed 
with this request. 



This request is being filed with a notice of appeal. 



The review is requested for the reason(s) stated on the attached sheet(s). 
Note: No more than five (5) pages may be provided. 



I am the 

I I applicant/inventor. 



Signature 

□ assignee of record of the entire interest. Jaison C John 

See 37 CFR 3.71. Statement under 37 CFR 3.73(b) is enclosed. ^' 




(Form PTO/SB/96) Typed or printed name 

1^1 attorney or agent of record, ^) 934-4069 



Registration number _ 



Telephone number 

I I attorney or agent acting under 37 CFR 1 .34. November 1 1 , 2008 



Registration number if acting under 37 CFR 1 .34 Date 

NOTE: Signatures of all the inventors or assignees of record of the entire interest or their representatlve(s) are required. 
Submit multiple forms if more than one signature is required, see below*. 



0 



*Total of forms are submitted. 



This collection of infonmation is required by 35 U.S.C. 132. The information is required to obtain or retain a benefit by the public which Is to file (and by the USPTO 
to process) an application. Confidentiality is governed by 35 U.S.C. 122 and 37 CFR 1.11, 1.14 and 41.6. This collection Is estimated to take 12 minutes to 
complete, Including gathering, preparing, and submitting the completed application form to the USPTO. Time will vary depending upon the individual case. Any 
comments on the amount of time you require to complete this form and/or suggestions for reducing this burden, should be sent to the Chief Information Officer, 
U.S. Patent and Trademark Office, U.S. Department of Commerce, P.O. Box 1450, Alexandria. VA 22313-1450. DO NOT SEND FEES OR COMPLETED 
FORMS TO THIS ADDRESS. SEND TO: Mail Stop AF, Commissioner for Patents, P.O. Box 1450, Alexandria, VA 22313-1450. 



/f you need ass'^tance in completing ttie form, cait ISOO-PTO-OIOQ and seiect option 2. 



IN THE UNITED STATES PATENT AND TRADEMARK OFFICE 

Group Art Unit: 2135 



Linh L.D. Son 

5070 

2000.056900/TT4089 



Application of: 

BRIAN C. BARNES 
GEOFFREY S. STRONGIN 
RODNEY W. SCHMIDT 
Serial No.: 10/047,188 
Filed: JANUARY 15, 2002 

For: METHOD AND APPARATUS FOR MULTI- 
TABLE ACCESSING OF INPUT/OUTPUT 
DEVICES USING TARGET SECRUITY 
REMARKS CONCERNING PRE-APPEAL BRIEF REQUEST FOR REVIEW 



Examiner: 
Conf. No.: 
Atty. Docket: 



CUSTOMER NO.: 23720 



MAIL STOP APPEAL BRIEF- PATENT 

Commissioner for Patents 
P. O. Box 1450 
Alexandria, VA 22313-1450 



Sir: 



CERTIFICATE OF MAILING 
37 C.F.R 1.8 

I hereby certify that this correspondence is being deposited with the U.S. 
Postal Service with sufficient postage as First Class Mail in an envelope 
addressed to: Commissioner for Patents, P.O. Box 1450^lexandria, VA 
22313-1450 on the date below: 

Novemberll, 2008 



Date 




Signature 



Appellants submit the following remarks concerning the Pre-Appeal Brief Request for 
Review filed concurrently herewith. The following remarks show that there are clear errors in 
the Examiner's rejections. The Examiner rejected claims 1-3, 12-14 and 16 under 35 U.S.C. 
103(a) as allegedly being anticipated by Covey (US Patent No, 4,926,476) and further in view of 
U.S. Patent No. 4,.173,783 (Couleur). The Examiner imposed these rejections in the Final 
Office Action mailed June 11, 2008. The Examiner issued an Advisory Action on August 21, 
2008, maintaining the rejection of the Final Office Action. The Examiner's statements in the 
Final Office Action mailed June 11, 2008, represent clear errors. 

The combination of Covey and Couleur does not anticipate or make obvious all of the 
elements of the pending claims of the present application. In the Final Office Action dated June 
11, 2008, the Examiner again, focuses on the argument relating to whether Covey discloses of 
make obvious the establishment of a security level to a software object. The Examiner, in the 
Final Office Action, asserts that Covey is directed to observing security behavior of untrusted 
software under test conditions and a trusted computing base (TCB) enforces security policy by 
enforcing constrains on accesses by certain entities. There are several flaws in the Examiner's 

1 of 5 Remarks on Request for Pre-Appeal Brief Review 

Serial No. 10/047,188 



reasoning. Firstly, the Examiner asserts that objects may be simply files, I/O devices, memory 
pages segments, etc.; however, the claims call for software objects with various non-limiting 
examples provided in the Specification. 

Further, in the Final Office Action, the Examiner seems to support Applicant's arguments 
that the TCB imposes certain constraints that refer to the data and not the software objects 
themselves. As described in further detail below, Covey is directed to providing mechanisms to 
constrain untrusted software to read data from only certain sensitive levels and to write data at 
only certain sensitive levels. The sensitivity levels only relates directly to data and not to 
software objects . Therefore, regardless of the Examiner's assertion that Covey's invention is to 
observe security behavior of untrusted software, it is abundantly clear that Covey does not 
disclose establishing a security level for a software object, but instead refers to sensitivity levels 
with respect to data. 

Further, Covey provides indications that it is not referring to establishing security levels 
for software objects because it explicitly specifies that software need not be examined before it is 
permitted to handle multi-level security data. In other words. Covey is explicit in differentiating 
sensitivity levels being established with respect to data versus the actual software . Therefore, 
Covey simply fails to teach or make obvious the element of establishing the security level 
relating to a software object and Couleur does not make up for this deficit. Further, the 
Examiner argues in the Final Office Action that the RAM 60 in order to enforce different 
security policies at different times anticipates establishing a security level. In the Final Office 
Action, the Examiner deduces that the enforcement process performed by the RAM 60 equates to 
establishing security levels for a software object. However, the Examiner provides no evidence 
to support this assertion. As described herein, Covey simply does not disclose establishing a 
security policy relating to a software object, as described in further details below. 
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Moreover, in the Final Office Action, with regard to the argument that those skilled in the 
art would not combine Covey and Couleur in the manner provided in the claims, the Examiner 
responds by asserting that Covey and Couleur do not need to disclose anything over and above 
the invention as claimed to render it unpatentable or anticipated. However this assertion does not 
advance the Examiner's position in combining Covey and Couleur. The Examiner simply states 
that Covey teaches memory access, which is page memory, but Covey is silent on the capability 
of showing multi-table I/O space access. Couleur, on the other hand, teaches multi-table I/O 
space in the abstract, Figure 1. However, as described further below, the combination of Covey 
and Couleur simply would not make obvious all of the elements of the claims of the present 
invention. Further, there is no evidence that those skilled in the art would find motivation to 
combine them in the manner claimed. Covey is directed to memory access, an more particularly, 
page memory. In contrast. Covey is directed to execution of untrusted software. 

As noted above, the combination of Covey and Couleur do not teach, disclose or make 
obvious all of the elements of claims of the present invention. For example, the Examiner asserts 
that Covey discloses or makes obvious the claim element of establishing a security level for a 
software object that is executed (see for example claim 1). The Examiner cites to section of 
Covey that discuss "sensitivity levels" to argue obviousness of the security level of the software 
object of claims of the present invention. However, the Examiner has misapplied the "sensitivity 
levels" disclosure of Covey. Covey discloses that it contains mechanisms to "constrain untrusted 
software to read data from only certain sensitivity levels and to write data at only certain other 
sensitivity levels " (emphasis added). See col. 3, lines 3-5; Abstract. The sensitivity level of 
Covey is related to the data and not to the software object . In contrast, claim 1 calls for 
"establishing a security level for said software object." Examiner analysis is clearly a 
misapplication of the prior art. Covey is explicitly clear that the sensitivity levels relates directly 
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to only data and not to software objects. In fact, Covey explicitly asserts that software need not 
be examined before it is permitted to handle multi-level security data. See Abstract. This is 
another clear indication that Covey is simply not directed to establishing security levels to 
software objects. Therefore, it is abundantly clear that Covey does not disclose or make obvious 
any type of establishment of a security level to a software object. Instead, Covey discloses 
assigning sensitivity level tags to calculate certain sensitivity levels related to stored data. See 
col. 5, lines 15-19. Covey explicitly indicates that calculation is made for operation results based 
upon how software relates to data from different classification or security levels . See col. 6, lines 
8-10. Therefore, the calculation of sensitivity levels in Covey only relates to data and not to 
software objects. Accordingly, the element of establishing a security level for software object of 
claim 1 is not made obvious by Covey and, further, Couleur does not make up for this deficit. 

Further, the Examiner makes conflicting assertions that undermines Examiner's 
arguments. First, the Examiner asserts that the multi-table input/output (I/O) space access is 
disclosed by Covey; and then, asserts that Covey is silent on the capability of showing the multi- 
table I/O space. See pages 2-3 of the Office Action dated 11/14/2007. Clearly, Covey does not 
disclose any type of a multi-table I/O space access. Covey discloses page tables that include 
page descriptors and labels, which are used to address the memory 70. However, the Examiner 
is, indeed, correct in indicating that Covey is clearly silent on the multi-table I/O space. 
Moreover, Couleur does not make up for this deficit. 

The Examiner asserts that Couleur teaches a multi-table I/O space; however, this is 
clearly not the case. Couleur is directed to converting virtual addresses to absolute addresses 
using page tables. See Abstract of Couleur, col. 2, lines 20-29. However, Couleur is explicit in 
indicating that each peripheral that is connected to an I/O unit relates to a particular page table . 
In other words, even though several page tables are disclosed, multi-table memory access is jnot 

4 of 5 Remarks on Request for Pre-Appeal Brief Review 

Serial No. 10/047,188 



disclosed or made obvious since each peripheral is associated with only one page table . There is 
clearly no disclosure of a multi-table I/O space. See Abstract; col. 2, lines 20-29. Couleur 
clearly indicates that each peripheral device connected to the I/O unit is associated with a page 
table in memory. See col. 2, lines 20-23. Those skilled in the art would not find obvious a multi- 
table I/O space based upon this disclosure. Further, even if arguendo, Couleur were to be 
combined with Covey in the manner alleged by the Examiner, as described above, another 
element, which relates to establishing a security level for the software object, is clearly not 
disclosed or made obvious by Covey, Couleur, or their combination. 

Further, in making an obviousness rejection, it is necessary for the Examiner to identify 
the reason whv a person of ordinary skill in the art would have combined the prior art references 
in the manner set forth in the claims. KSR Int'l Co. v. Teleflex, Inc; at 14, No. 04-1350 (U.S. 
2007). Applicants respectfully submit that the Examiner has not met this burden. If fact, as 
illustrated below, Covey and Couleur would not be combined in the manner set forth in the 
claims. Further, the Examiner has failed into identify why those skilled in the art would combine 
Covey and Couleur, Further, even if Covey and Couleur were combined, all elements of claims 
1-3, 12-14 and 16 would not be taught or made obvious by this combination. Further, Applicants 
acknowledge and appreciate that the Examiner has allowed claims 8-11 and 17-20, and indicated 
that claims 4, 15, 5-7 contain allowable subject matter. 



Respectfully submitted, 

WILLIAMS, MORGAN & AMERSON, P.C. 
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